Pages

Tuesday, September 29, 2015

HR 3583 Introduced – PREPARE Act

Last week Rep. McSally (R,AZ) introduced HR 3583, the Promoting
Resilience and Efficiency in Preparing for Attacks and Responding to
Emergencies (PREPARE) Act. The bill reauthorizes and makes minor modifications
to a number of emergency response and planning grant programs. Program changes
of specific interest to readers of this blog include

• Cybersecurity protections for
Public Safety Broadband Network;

• DHS use of social networking; and

• The medical countermeasures program

FirstNet
Cybersecurity

Section 206 of the bill requires the DHS National Protection
and Programs Directorate Under Secretary to provide Congress with a report on
the cybersecurity support that DHS is providing to the Department of Commerce FirstNet program. Specifically the Under
Secretary is tasked with the requirement “to identify and address cyber risks
that could impact the near term or long term availability and operations of such
[public safety broadband] network and recommendations to mitigate such risks”.

Social Networking

Section 207 of the bill would add §318 to the Homeland Security Act of 2002. It
provides for the establishment of a DHS Social Media Working Group. Alert readers
of this blog will realize that I
recently reported that the HR 623, with nearly identical language, has been
reported in the Senate.

Medical
Countermeasures Program

Section 303 of the bill would add §527 to the Homeland Security Act of 2002. It
establishes a medical countermeasures program under the DHS Chief Medical
Officer. The program is to be designed to “facilitate personnel readiness, and
protection for working animals, employees, and individuals in the Department’s
care and custody, in the event of a chemical, biological, radiological,
nuclear, or explosives attack, naturally occurring disease outbreak, or
pandemic” {new §527(a)}.

Moving Forward

McSally is the Chair of the Emergency Preparedness,
Response, and Communications Subcommittee of the House Homeland Security
Committee. The Committee Chair, Rep. McCaul, is cosponsor of this bill. So
there is certainly the political will and power to move this bill forward.

The Subcommittee marked-up
this bill before it was introduced. The full Committee markup
is scheduled for Wednesday. I suspect that the bill will be approved by a
voice vote without further amendment. If so it will move to the floor of the
House before the end of the year; probably to be considered under suspension of
the rules with little debate and no floor amendments.

Commentary

The Congress is taking more and more actions like that seen
here in specifying that DHS will report on the cybersecurity of FirstNet. These
little one section toss offs in a wide variety of legislation are doing more to
further the centralization of cybersecurity responsibility in DHS than any
single piece of legislation could. I expect that this means that I am going to
have to be watching a wider variety of bills to find those mentions that might
be of specific interest to the control system security community.

I am not sure why the Social Media Working Group language is
once again in legislation that is obviously heading to the floor. It was
already passed in the House as a standalone bill. The only thing that makes a modicum
of sense is that McSally and McCaul do not expect the Senate to actually take
up HR 623 and they really want this group to be formed.

Of concern to me is that this version of the §318 language is also missing
any mention of monitoring social media to provide situational awareness to the
Department. While the intel folks are trying desperately to monitor the social
network communications of IS and AQ supporters, the emergency response folks
are, due to excessive concern with avoiding the appearance of spying on the
public, being forced to ignore the vital information that could be available in
natural disasters and after attacks or manmade disasters. A vitally important
requirement for this SMWG should be the development of tools to abstract
information from publicly available social networks to support emergency
response.

The medical countermeasures program also seems to be an
overly limited, if certainly legitimate DHS program. DHS certainly has a responsibility
to ensure that medically foreseeable countermeasures to CBRNE attacks are
available to keep their troops in the field fully functioning in their
emergency response and criminal investigation capacities in the event of such attacks.

With minimal expansion of responsibility, however, the DHS Office
of Health Affairs could be developing plans and standards for the deployment of
medical countermeasures to the general public. In particular, incidents like
the acrylonitrile
train wreck this summer point to the need for the centralized stockpiling
and subsequent distribution of medical countermeasures for industrial chemical
accidents. OHA could have been tasked in this bill with the requirement to
identify those industrial chemicals requiring specific medical countermeasures
that would not routinely be available to local emergency rooms. In conjunction
with such a list they could have been required to submit a plan to Congress on
how a regional stockpiling and distribution plan could be put together for such
countermeasures.

About Me

I spent 15 years in the US Army as an Infantry NCO. After getting out of the Army I started working in the chemical industry, getting my BSc Chemistry degree while working as a technician. I spent 12 years working as a process chemist in a specialty chemical company. Most recently I worked as a QA/R&D Manager in a specialty chemical manufacturing facility. Currently I am working as a freelance writer.